Jeff Leggett

Qualys Cloud Platform 2.41 (WAS/WAF) API notification 1

Blog Post created by Jeff Leggett Employee on Sep 26, 2019

A new release of Qualys Cloud Platform v2.41 (WAS/WAF) includes an updated API which is targeted for release in September 2019. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the coming API, allowing you to identify use cases that can leverage this updated API.


What’s New
WAS API: New DNS Override Support
/qps/rest/3.0/get/was/dnsoverride/{id}
/qps/rest/3.0/count/was/dnsoverride/
/qps/rest/3.0/search/was/dnsoverride/
/qps/rest/3.0/create/was/dnsoverride/
/qps/rest/3.0/update/was/dnsoverride/{id}
/qps/rest/3.0/delete/was/dnsoverride/{id}
By default we'll use the DNS for the web application URL to crawl the web app and perform scanning. If you provide a DNS override record through our new API, we'll use the mappings in your record instead.

 

HTTP Profile API: Support for Keeping/Removing Accept Encoding Header Field in Request Header
/qps/rest/2.0/get/waf/httpprofile/<id>
/qps/rest/2.0/search/waf/httpprofile
/qps/rest/2.0/create/waf/httpprofile/qps
/rest/2.0/update/waf/httpprofile
You can now create an HTTP profile for your web application to specify the WAF application to either retain or remove the Accept Encoding header field in requests. If you choose to retain the Accept Encoding header field then WAF will keep the header field in requests that contain this header field while forwarding the requests to your web application. By default, WAF will remove this header field.

 

New API to Search for Security Events
/qps/rest/2.0/search/waf/eventlog
You can now search for security events detected for your web application in the event log using the search filters provided by the Eventlog API.

Outcomes